package io.jans.as.server.model.common;

import io.jans.as.common.model.common.User;
import io.jans.as.common.model.registration.Client;
import io.jans.as.model.authzdetails.AuthzDetails;
import io.jans.as.model.common.TokenType;
import io.jans.as.model.configuration.AppConfiguration;
import io.jans.as.model.util.CertUtils;
import io.jans.as.server.model.authorize.JwtAuthorizationRequest;
import io.jans.as.server.model.authorize.ScopeChecker;
import io.jans.as.server.service.KeyGeneratorTimer;
import io.jans.as.server.service.external.ExternalUpdateTokenService;
import io.jans.as.server.service.external.context.ExternalUpdateTokenContext;
import io.jans.as.server.uma.service.UmaRptService;
import io.jans.as.server.util.TokenHashUtil;
import io.jans.model.token.TokenEntity;
import jakarta.inject.Inject;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.CopyOnWriteArraySet;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/jans/as/server/model/common/AbstractAuthorizationGrant.class */
public abstract class AbstractAuthorizationGrant implements IAuthorizationGrant {
    private static final Logger log = LoggerFactory.getLogger(AbstractAuthorizationGrant.class);

    @Inject
    protected AppConfiguration appConfiguration;

    @Inject
    private ExternalUpdateTokenService externalUpdateTokenService;

    @Inject
    protected ScopeChecker scopeChecker;

    @Inject
    private KeyGeneratorTimer keyGeneratorTimer;
    private User user;
    private AuthorizationGrantType authorizationGrantType;
    private Client client;
    private Set<String> scopes;
    private AuthzDetails authzDetails;
    private String grantId;
    private JwtAuthorizationRequest jwtAuthorizationRequest;
    private Date authenticationTime;
    private TokenEntity tokenEntity;
    private AccessToken longLivedAccessToken;
    private IdToken idToken;
    private AuthorizationCode authorizationCode;
    private String tokenBindingHash;
    private String x5ts256;
    private String nonce;
    private String codeChallenge;
    private String codeChallengeMethod;
    private String claims;
    private String dpopJkt;
    private String acrValues;
    private String sessionDn;
    protected final ConcurrentMap<String, TxToken> txTokens = new ConcurrentHashMap();
    protected final ConcurrentMap<String, AccessToken> accessTokens = new ConcurrentHashMap();
    protected final ConcurrentMap<String, RefreshToken> refreshTokens = new ConcurrentHashMap();

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractAuthorizationGrant() {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractAuthorizationGrant(User user, AuthorizationGrantType authorizationGrantType, Client client, Date date) {
        init(user, authorizationGrantType, client, date);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void init(User user, AuthorizationGrantType authorizationGrantType, Client client, Date date) {
        this.authenticationTime = date != null ? new Date(date.getTime()) : null;
        this.user = user;
        this.authorizationGrantType = authorizationGrantType;
        this.client = client;
        this.scopes = new CopyOnWriteArraySet();
        this.grantId = UUID.randomUUID().toString();
    }

    public String getDpopJkt() {
        return this.dpopJkt;
    }

    public void setDpopJkt(String str) {
        this.dpopJkt = str;
    }

    @Override // io.jans.as.server.model.common.IAuthorizationGrant
    public synchronized String getGrantId() {
        return this.grantId;
    }

    @Override // io.jans.as.server.model.common.IAuthorizationGrant
    public synchronized void setGrantId(String str) {
        this.grantId = str;
    }

    @Override // io.jans.as.server.model.common.IAuthorizationGrant
    public AuthorizationCode getAuthorizationCode() {
        return this.authorizationCode;
    }

    @Override // io.jans.as.server.model.common.IAuthorizationGrant
    public void setAuthorizationCode(AuthorizationCode authorizationCode) {
        this.authorizationCode = authorizationCode;
    }

    public String getTokenBindingHash() {
        return this.tokenBindingHash;
    }

    public void setTokenBindingHash(String str) {
        this.tokenBindingHash = str;
    }

    public String getX5ts256() {
        return this.x5ts256;
    }

    public void setX5ts256(String str) {
        this.x5ts256 = str;
    }

    @Override // io.jans.as.server.model.common.IAuthorizationGrant
    public String getNonce() {
        return this.nonce;
    }

    @Override // io.jans.as.server.model.common.IAuthorizationGrant
    public void setNonce(String str) {
        this.nonce = str;
    }

    public String getCodeChallenge() {
        return this.codeChallenge;
    }

    public void setCodeChallenge(String str) {
        this.codeChallenge = str;
    }

    public String getCodeChallengeMethod() {
        return this.codeChallengeMethod;
    }

    public void setCodeChallengeMethod(String str) {
        this.codeChallengeMethod = str;
    }

    public String getClaims() {
        return this.claims;
    }

    public void setClaims(String str) {
        this.claims = str;
    }

    @Override // io.jans.as.server.model.common.IAuthorizationGrant
    public Set<String> getRefreshTokensCodes() {
        return this.refreshTokens.keySet();
    }

    @Override // io.jans.as.server.model.common.IAuthorizationGrant
    public Set<String> getAccessTokensCodes() {
        return this.accessTokens.keySet();
    }

    @Override // io.jans.as.server.model.common.IAuthorizationGrant
    public List<AccessToken> getAccessTokens() {
        return new ArrayList(this.accessTokens.values());
    }

    public List<TxToken> getTxTokens() {
        return new ArrayList(this.txTokens.values());
    }

    public TxToken getTxToken(String str) {
        return this.txTokens.get(str);
    }

    @Override // io.jans.as.server.model.common.IAuthorizationGrant
    public void setScopes(Collection<String> collection) {
        this.scopes.clear();
        this.scopes.addAll(collection);
    }

    @Override // io.jans.as.server.model.common.IAuthorizationGrant
    public AccessToken getLongLivedAccessToken() {
        return this.longLivedAccessToken;
    }

    @Override // io.jans.as.server.model.common.IAuthorizationGrant
    public void setLongLivedAccessToken(AccessToken accessToken) {
        this.longLivedAccessToken = accessToken;
    }

    @Override // io.jans.as.server.model.common.IAuthorizationGrant
    public IdToken getIdToken() {
        return this.idToken;
    }

    @Override // io.jans.as.server.model.common.IAuthorizationGrant
    public void setIdToken(IdToken idToken) {
        this.idToken = idToken;
    }

    @Override // io.jans.as.server.model.common.IAuthorizationGrant
    public TokenEntity getTokenEntity() {
        return this.tokenEntity;
    }

    @Override // io.jans.as.server.model.common.IAuthorizationGrant
    public void setTokenEntity(TokenEntity tokenEntity) {
        this.tokenEntity = tokenEntity;
    }

    @Override // io.jans.as.server.model.common.IAuthorizationGrant
    public User getUser() {
        return this.user;
    }

    @Override // io.jans.as.server.model.common.IAuthorizationGrant
    public String getAcrValues() {
        return this.acrValues;
    }

    @Override // io.jans.as.server.model.common.IAuthorizationGrant
    public void setAcrValues(String str) {
        this.acrValues = str;
    }

    @Override // io.jans.as.server.model.common.IAuthorizationGrant
    public String getSessionDn() {
        return this.sessionDn;
    }

    @Override // io.jans.as.server.model.common.IAuthorizationGrant
    public void setSessionDn(String str) {
        this.sessionDn = str;
    }

    @Override // io.jans.as.server.model.common.IAuthorizationGrant
    public String checkScopesPolicy(String str) {
        this.scopes.clear();
        this.scopes.addAll(this.scopeChecker.checkScopesPolicy(this.client, str));
        StringBuilder sb = new StringBuilder();
        Iterator<String> it = this.scopes.iterator();
        while (it.hasNext()) {
            sb.append(" ").append(it.next());
        }
        return sb.toString().trim();
    }

    public int getAccessTokenLifetimeInSeconds(ExecutionContext executionContext) {
        int keyRegenerationInterval;
        int accessTokenLifetime = this.appConfiguration.getAccessTokenLifetime();
        if (this.client != null && this.client.getAccessTokenLifetime() != null && this.client.getAccessTokenLifetime().intValue() > 0) {
            accessTokenLifetime = this.client.getAccessTokenLifetime().intValue();
        }
        int accessTokenLifetimeInSeconds = this.externalUpdateTokenService.getAccessTokenLifetimeInSeconds(ExternalUpdateTokenContext.of(executionContext));
        if (accessTokenLifetimeInSeconds > 0) {
            accessTokenLifetime = accessTokenLifetimeInSeconds;
            log.trace("Override access token lifetime with value from script: {}", Integer.valueOf(accessTokenLifetimeInSeconds));
        }
        if (this.client != null && this.client.isAccessTokenAsJwt() && this.appConfiguration.getKeyRegenerationEnabled().booleanValue() && (keyRegenerationInterval = (this.appConfiguration.getKeyRegenerationInterval() * UmaRptService.DEFAULT_RPT_LIFETIME) - ((int) ((System.currentTimeMillis() - this.keyGeneratorTimer.getLastFinishedTime()) / 1000))) > 0) {
            log.trace("Override access token lifetime based on key lifetime: {}", Integer.valueOf(keyRegenerationInterval));
            accessTokenLifetime = keyRegenerationInterval;
        }
        return accessTokenLifetime;
    }

    @Override // io.jans.as.server.model.common.IAuthorizationGrant
    public AccessToken createAccessToken(ExecutionContext executionContext) {
        AccessToken accessToken = new AccessToken(getAccessTokenLifetimeInSeconds(executionContext));
        accessToken.setSessionDn(getSessionDn());
        accessToken.setX5ts256(CertUtils.confirmationMethodHashS256(executionContext.getCertAsPem()));
        String dpop = executionContext.getDpop();
        if (StringUtils.isNoneBlank(new CharSequence[]{dpop})) {
            accessToken.setDpop(dpop);
            accessToken.setTokenType(TokenType.DPOP);
        }
        return accessToken;
    }

    @Override // io.jans.as.server.model.common.IAuthorizationGrant
    public RefreshToken createRefreshToken(ExecutionContext executionContext) {
        int refreshTokenLifetime = this.appConfiguration.getRefreshTokenLifetime();
        if (this.client.getRefreshTokenLifetime() != null && this.client.getRefreshTokenLifetime().intValue() > 0) {
            refreshTokenLifetime = this.client.getRefreshTokenLifetime().intValue();
        }
        RefreshToken refreshToken = new RefreshToken(refreshTokenLifetime);
        refreshToken.setSessionDn(getSessionDn());
        refreshToken.setDpop(executionContext.getDpop());
        return refreshToken;
    }

    @Override // io.jans.as.server.model.common.IAuthorizationGrant
    public RefreshToken createRefreshToken(ExecutionContext executionContext, int i) {
        RefreshToken refreshToken = new RefreshToken(i);
        refreshToken.setSessionDn(getSessionDn());
        refreshToken.setDpop(executionContext.getDpop());
        return refreshToken;
    }

    @Override // io.jans.as.server.model.common.IAuthorizationGrant
    public String getUserId() {
        if (this.user == null) {
            return null;
        }
        return this.user.getUserId();
    }

    @Override // io.jans.as.server.model.common.IAuthorizationGrant
    public String getUserDn() {
        if (this.user == null) {
            return null;
        }
        return this.user.getDn();
    }

    @Override // io.jans.as.server.model.common.IAuthorizationGrant
    public AuthorizationGrantType getAuthorizationGrantType() {
        return this.authorizationGrantType;
    }

    @Override // io.jans.as.server.model.common.IAuthorizationGrant
    public Client getClient() {
        return this.client;
    }

    @Override // io.jans.as.server.model.common.IAuthorizationGrant
    public String getClientId() {
        if (this.client == null) {
            return null;
        }
        return this.client.getClientId();
    }

    @Override // io.jans.as.server.model.common.IAuthorizationGrant
    public String getClientDn() {
        if (this.client == null) {
            return null;
        }
        return this.client.getDn();
    }

    @Override // io.jans.as.server.model.common.IAuthorizationGrant
    public Date getAuthenticationTime() {
        return this.authenticationTime;
    }

    public void setAuthenticationTime(Date date) {
        this.authenticationTime = date;
    }

    @Override // io.jans.as.server.model.common.IAuthorizationGrant
    public Set<String> getScopes() {
        return this.scopes;
    }

    public String getAuthzDetailsAsString() {
        if (this.authzDetails != null) {
            return this.authzDetails.asJsonArray().toString();
        }
        return null;
    }

    public AuthzDetails getAuthzDetails() {
        return this.authzDetails;
    }

    public void setAuthzDetails(AuthzDetails authzDetails) {
        this.authzDetails = authzDetails;
    }

    @Override // io.jans.as.server.model.common.IAuthorizationGrant
    public JwtAuthorizationRequest getJwtAuthorizationRequest() {
        return this.jwtAuthorizationRequest;
    }

    @Override // io.jans.as.server.model.common.IAuthorizationGrant
    public void setJwtAuthorizationRequest(JwtAuthorizationRequest jwtAuthorizationRequest) {
        this.jwtAuthorizationRequest = jwtAuthorizationRequest;
    }

    @Override // io.jans.as.server.model.common.IAuthorizationGrant
    public void setAccessTokens(List<AccessToken> list) {
        put(this.accessTokens, list);
    }

    @Override // io.jans.as.server.model.common.IAuthorizationGrant
    public void setTxTokens(List<TxToken> list) {
        put(this.txTokens, list);
    }

    private static <T extends AbstractToken> void put(ConcurrentMap<String, T> concurrentMap, List<T> list) {
        concurrentMap.clear();
        if (list == null || list.isEmpty()) {
            return;
        }
        for (T t : list) {
            concurrentMap.put(t.getCode(), t);
        }
    }

    @Override // io.jans.as.server.model.common.IAuthorizationGrant
    public List<RefreshToken> getRefreshTokens() {
        return new ArrayList(this.refreshTokens.values());
    }

    @Override // io.jans.as.server.model.common.IAuthorizationGrant
    public void setRefreshTokens(List<RefreshToken> list) {
        put(this.refreshTokens, list);
    }

    @Override // io.jans.as.server.model.common.IAuthorizationGrant
    public RefreshToken getRefreshToken(String str) {
        if (log.isTraceEnabled()) {
            log.trace("Looking for the refresh token: {} for an authorization grant of type: {}", str, getAuthorizationGrantType());
        }
        return this.refreshTokens.get(TokenHashUtil.hash(str));
    }

    @Override // io.jans.as.server.model.common.IAuthorizationGrant
    public AbstractToken getAccessToken(String str) {
        String hash = TokenHashUtil.hash(str);
        if (this.idToken != null && this.idToken.getCode().equals(hash)) {
            return this.idToken;
        }
        if (this.longLivedAccessToken != null && this.longLivedAccessToken.getCode().equals(hash)) {
            return this.longLivedAccessToken;
        }
        TxToken txToken = this.txTokens.get(hash);
        return txToken != null ? txToken : this.accessTokens.get(hash);
    }

    public String toString() {
        return "AbstractAuthorizationGrant{user=" + this.user + ", authorizationCode=" + this.authorizationCode + ", client=" + this.client + ", grantId='" + this.grantId + "', nonce='" + this.nonce + "', acrValues='" + this.acrValues + "', sessionDn='" + this.sessionDn + "', codeChallenge='" + this.codeChallenge + "', codeChallengeMethod='" + this.codeChallengeMethod + "', authenticationTime=" + this.authenticationTime + ", scopes=" + this.scopes + ", authorizationGrantType=" + this.authorizationGrantType + ", tokenBindingHash=" + this.tokenBindingHash + ", x5ts256=" + this.x5ts256 + ", claims=" + this.claims + ", authzDetails=" + this.authzDetails + "}";
    }
}
